Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
Ransomware group DragonForce exploits Microsoft Teams’ own infrastructure to evade detection in cyberattacks
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
A ransomware gang identified as DragonForce is using Microsoft Teams’ relay servers to mask malicious traffic, according to coverage from multiple cybersecurity outlets. The tactic allows attackers to blend their communications with legitimate Teams activity, making detection harder. Coverage from *CyberPress*, *Security.com*, *Infosecurity Magazine*, and *BleepingComputer* highlights the technical sophistication of the attack, noting that DragonForce leveraged Microsoft’s infrastructure to bypass traditional security measures.
The reports emphasize the growing risks posed by threat actors exploiting trusted platforms for covert operations. Microsoft has not yet issued a public statement on the matter. Watch for potential updates from Microsoft on mitigation steps or patches, as well as further analysis from cybersecurity firms on how widely this tactic is being deployed.
Organizations using Teams may need to review their security protocols to detect anomalous relay activity.
Synthesized by PULSE from the headlines below under a strict no-invention contract. ✓ fact-checked: unsupported claims removed (88% supported) Updated 1h ago.
Quick answers
Which ransomware group is responsible for this attack?
The group identified in coverage is DragonForce.
Has Microsoft commented on the breach?
Coverage does not yet specify whether Microsoft has issued a public statement.
Which companies or platforms are affected?
Microsoft Teams relay servers are being abused, and a major company was targeted, though its identity is not disclosed.
Coverage (5)
- Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic The Register · 5h ago
- Microsoft Teams Relay Abused to Stealthily Route Malware Communications cyberpress.org · 5h ago
- Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden SECURITY.COM · 5h ago
- DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company Infosecurity Magazine · 5h ago
- Ransomware gang abuses Microsoft Teams relays to hide malicious traffic BleepingComputer · 5h ago
Topics
Related trends
Cybersecurity vets protest 'dangerous' US government ban on Anthropic's most powerful models
Cybersecurity experts are protesting the U.S. government's suspension of Anthropic's Fable and Mythos models following a dispute with the White House.
Surge in scams as fraudsters use AI to target people
Financial fraud losses are reaching multi-year highs as the integration of AI tools by criminals facilitates a surge in targeted consumer scams.
Anthropic scrambles after Trump administration freezes its top AI models
US government blocks Anthropic’s most advanced AI models, sending shockwaves through tech and cybersecurity sectors
I pay $20 a month for ChatGPT
Anthropic's Fable 5 model launch sparks debate over performance, restrictive guardrails, and competitive AI landscape.
Iranians report banking disruptions as cards and POS payments fail
Four Iranian banks face widespread service failures following reports of a cyberattack targeting the nation's financial infrastructure.
The FBI built its own replica small town to simulate real-world cyberattacks
The FBI’s 22,000-sq-ft indoor replica town marks a new frontier in cybersecurity training—blurring the line between simulation and reality.